From 5d1b1908a5d45d2cd8ccd0773874621ef9edf808 Mon Sep 17 00:00:00 2001
From: Fenris Wolf
Date: Thu, 9 Oct 2025 01:41:40 +0200
Subject: [PATCH] [task-406] tlscert_selfsigned
---
 roles/tlscert_selfsigned/cfg.schema.json | 14 ++++++++++++
 roles/tlscert_selfsigned/defaults/main.json | 3 ++-
 roles/tlscert_selfsigned/tasks/main.json | 25 +++++++++++++--------
 3 files changed, 32 insertions(+), 10 deletions(-)
 create mode 100644 roles/tlscert_selfsigned/cfg.schema.json
diff --git a/roles/tlscert_selfsigned/cfg.schema.json b/roles/tlscert_selfsigned/cfg.schema.json
new file mode 100644
index 0000000..c06145c
--- /dev/null
+++ b/roles/tlscert_selfsigned/cfg.schema.json
@@ -0,0 +1,14 @@
+{
+ "nullable": false,
+ "type": "object",
+ "properties": {
+ "domain": {
+ "nullable": false,
+ "type": "string"
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "domain"
+ ]
+}
diff --git a/roles/tlscert_selfsigned/defaults/main.json b/roles/tlscert_selfsigned/defaults/main.json
index 06c1a9a..9fe02ee 100644
--- a/roles/tlscert_selfsigned/defaults/main.json
+++ b/roles/tlscert_selfsigned/defaults/main.json
@@ -1,3 +1,4 @@
 {
- "var_tlscert_selfsigned_domain": "foo.example.org"
+ "cfg_tlscert_selfsigned_defaults": {
+ }
 }
diff --git a/roles/tlscert_selfsigned/tasks/main.json b/roles/tlscert_selfsigned/tasks/main.json
index bed8255..cbe8ea6 100644
--- a/roles/tlscert_selfsigned/tasks/main.json
+++ b/roles/tlscert_selfsigned/tasks/main.json
@@ -1,4 +1,11 @@
 [
+ {
+ "name": "show vars",
+ "when": "switch_show_vars",
+ "ansible.builtin.debug": {
+ "var": "vars.cfg_tlscert_selfsigned"
+ }
+ },
 {
 "name": "install packages",
 "become": true,
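Review bot: In cfg.schema.json the `domain` property is accepted as any string, yet tasks/main.json interpolates it into file names under /etc/ssl and, in the `compose fullchain` task, into a shell command line, so a value containing `/` or shell metacharacters is used as given. Constraining it where it is validated would close that off, for example `"minLength": 1, "maxLength": 253, "pattern": "^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$"` next to `"type": "string"`. The schema uses `nullable`, which suggests a validator that is not plain JSON Schema, so whether `pattern` is enforced there should be confirmed. The same unconstrained value is used in the `@@ -28,19 +35,19 @@` and `@@ -48,17 +55,17 @@` hunks of tasks/main.json.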
@@ -28,19 +35,19 @@
 "name": "csr | generate private key",
 "become": true,
 "community.crypto.openssl_privatekey": {
- "path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem"
+ "path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem"
 }
 },
 {
 "name": "csr | execute",
 "become": true,
 "community.crypto.openssl_csr": {
- "privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
- "common_name": "{{var_tlscert_selfsigned_domain}}",
+ "privatekey_path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem",
+ "common_name": "{{cfg_tlscert_selfsigned.domain}}",
 "subject_alt_name": [
- "DNS:{{var_tlscert_selfsigned_domain}}"
+ "DNS:{{cfg_tlscert_selfsigned.domain}}"
 ],
- "path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem"
+ "path": "/etc/ssl/csr/{{cfg_tlscert_selfsigned.domain}}.pem"
 },
 "register": "temp_csr"
 },
@@ -48,17 +55,17 @@
 "name": "generate certificate",
 "become": true,
 "community.crypto.x509_certificate": {
- "privatekey_path": "/etc/ssl/private/{{var_tlscert_selfsigned_domain}}.pem",
- "csr_path": "/etc/ssl/csr/{{var_tlscert_selfsigned_domain}}.pem",
+ "privatekey_path": "/etc/ssl/private/{{cfg_tlscert_selfsigned.domain}}.pem",
+ "csr_path": "/etc/ssl/csr/{{cfg_tlscert_selfsigned.domain}}.pem",
 "provider": "selfsigned",
- "path": "/etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem"
+ "path": "/etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem"
 }
 },
 {
 "name": "compose fullchain",
 "become": true,
 "ansible.builtin.shell": {
- "cmd": "cat /etc/ssl/certs/{{var_tlscert_selfsigned_domain}}.pem > /etc/ssl/fullchains/{{var_tlscert_selfsigned_domain}}.pem"
+ "cmd": "cat /etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem > /etc/ssl/fullchains/{{cfg_tlscert_selfsigned.domain}}.pem"
 }
 }
 ]
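Review bot: The `compose fullchain` task in the `@@ -48,17 +55,17 @@` hunk still runs `cat … > …` through `ansible.builtin.shell` with the templated domain inside the command line, so the value is parsed by a shell and the task reports a change on every run. `ansible.builtin.copy` with `remote_src` performs the same copy on the target host without involving a shell and only reports a change when the content differs. Because the task concatenates a single file, the copy is equivalent to the redirection; the replacement for the task body is shown below.

```json
"name": "compose fullchain",
"become": true,
"ansible.builtin.copy": {
	"remote_src": true,
	"src": "/etc/ssl/certs/{{cfg_tlscert_selfsigned.domain}}.pem",
	"dest": "/etc/ssl/fullchains/{{cfg_tlscert_selfsigned.domain}}.pem"
}
```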